On 2021-03-02, Jean-Pierre de Villiers <[email protected]> wrote:
> The entry openfiles-cur=1024 is overriding the entry openfiles=1024.
> Note that openfiles=value sets both openfiles-max=value and
> openfiles-cur=value.
>
> The openfiles-max setting is the upper limit, which can only be
> changed by root, while any user can change their own openfiles-cur up to
> the maximum value set previously.  You will either need to increase
> openfiles-cur or remove it completely and only have openfiles=4096.
>
> All this info and more is contained in login.conf(5) and getrlimit(2).

yep.

> However, I believe the recommended practice would be to create a new
> login class, called 'relayd' say, that inherits from the daemon class.
> This is specified using the entry: tc=daemon.  Otherwise, every process
> running as a user in the daemon class will have these heightened
> privileges - and there's a lot of them.

For daemons started by rc.d, the class is set by the rc script, by default
to a class named after the daemon if it exists (i.e. "relayd"); if not,
it falls back to "daemon" (unless you set "relayd_class" in rc.conf.local).

The class set in the passwd file isn't used.

> > $ doas cap_mkdb /etc/login.conf

I would just rm the db file, it isn't present by default. The
optimization isn't so useful these days, and it's one more thing to
(remember|forget) when you change the file.
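
The limit precedence and rc.d class selection described in this thread, as an added example that is not part of the original messages or of OpenBSD's own code. The sample entries are constructed, the function names are hypothetical, and the lookup rule (first match wins, with tc= expanding the parent class in place) is an assumption about capability-database behaviour.

```python
import re

# Constructed login.conf(5)-style sample, not taken from a real system.
SAMPLE = r"""
daemon:\
	:openfiles=4096:\
	:openfiles-cur=1024:
relayd:\
	:openfiles-cur=4096:\
	:openfiles-max=4096:\
	:tc=daemon:
"""

def parse(text):
    """Return {class: [(cap, value), ...]}, preserving capability order."""
    joined = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    classes = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names, *fields = line.split(":")
        caps = [tuple(f.split("=", 1)) for f in fields if "=" in f]
        for name in names.split("|"):
            classes[name] = caps
    return classes

def lookup(classes, cls, cap, seen=()):
    """Assumed rule: first match wins, tc= expands the parent in place."""
    for key, value in classes.get(cls, []):
        if key == cap:
            return value
        if key == "tc" and value not in seen:  # guard against tc= loops
            found = lookup(classes, value, cap, seen + (cls,))
            if found is not None:
                return found
    return None

def effective_openfiles(classes, cls):
    """openfiles=N sets both limits; openfiles-cur/-max override it."""
    both = lookup(classes, cls, "openfiles")
    cur = lookup(classes, cls, "openfiles-cur") or both
    top = lookup(classes, cls, "openfiles-max") or both
    return cur, top

def rc_class(classes, daemon, override=None):
    """Class for an rc.d daemon: <daemon>_class, else own class, else daemon."""
    return override or (daemon if daemon in classes else "daemon")
```

With the sample above, the daemon class resolves to a soft limit of 1024 under a hard limit of 4096, which is the mismatch the quoted message describes, while a daemon with no class of its own falls back to "daemon".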